Working in IT for the U.S. DoD

Working in IT for the U.S. DoD

Step into the world of U.S. DoD IT roles. Equip yourself with the knowledge of pivotal DoD Directives and achieve the certifications that set you apart.

DoD Directives 8570, 8570.01-M, and 8140

If you’re interested in working in any technology-related role for the U.S. Department of Defense, you are required per Directive 8140 (which replaced Directive 8570) to obtain and maintain industry certification credentials that have been accredited by the American National Standards Institute (ANSI). This is true for everyone (both civilians and those still serving in the military) who will have privileged access to DoD’s Information Systems.

CCS Learning Academy offers qualified certificate courses from accreditors like CompTIA, (ISC)2, and more! Veterans can work with us to get the credentials they need to be hired for DoD cybersecurity jobs. We can also help individuals obtain the continuing education credits necessary to maintain their existing certifications.


73 %

of workers say that the top benefit of certification is credibility.

57 %

of workers say a certification will help them advance in their current job.

56 %

of workers say a certification will improve their chances for a new position.

In recent CompTIA research, the large majority of IT and business executives involved in security indicated that IT staff certification has made a difference.

CCS Learning Academy

CCS Learning Academy Logo

Trusted experts in the technology sector since 1997

IT & business training for professionals at all levels

A network of trainers and clients spanning the entire U.S.

Certifications Approved for DoD Directive 8140/8570.01-M

DoD Directive 8140 is a replacement on and expansion of Directive 8570, which was first released in 2005 to help the DoD manage and audit its cybersecurity personnel. Since then, both the world and technology have changed – a lot! DoD 8140 is the result of several important decisions made to better reflect today’s tech landscape and job market.

Among other updates to DoD 8570, DoD 8140 covers the following:

  • Updates and expansions on DoD policies, processes, and responsibilities around managing its cybersecurity workforce.
  • The establishment of a DoD cyberspace workforce management council.
  • Unification and alignment of technology work roles with regard to baseline qualifications and training requirements.

DoD technology jobs are an excellent fit for many Veterans, as their experiences and clearances translate into distinct advantages in this environment. CCS Learning Academy can help you understand what career pathways are available, what certifications you will need along the way, and how to launch a successful IT career at the U.S. DoD.


Download this guide to see the complete roadmap to success for aspiring DoD technology professionals per Directive 8140/8570.01-M.

More CompTIA Certifications Now Approved for Directive 8140/8570.01-M!

CompTIA is proud to be the leading choice in certifications for DoD personnel and contractors, helping hundreds of thousands of servicemen, servicewomen, and DoD civilians to meet their Directive 8140/8570 requirements. CompTIA certifications also serve as the building blocks for more advanced certifications; for example, CompTIA Network+ and Security+ are accepted as prerequisites to the Microsoft Software & Systems Academy training course.


CompTIA A+

This credential validates the foundational knowledge for IT Technical Support. It’s recognized as the standard for foundation-level IT knowledge and skills, including installing, configuring, diagnosing and preventive maintenance of hardware and software components, as well as networks and soft skills.


CompTIA Network+

This credential validates the knowledge of networking professionals with at least 9-12 months of experience in network support or administration or adequate academic training. Many corporations recommend or require this certification for their IT employees; it is one of CompTIA’s core certifications.


CompTIA Security+

This credenttial validates mastery of security knowledge for an individual with two years of on-the-job networking experience, with emphasis on security. The exam covers threats, attacks, and vulnerabilities; technologies and tools; architecture and design; identity and access management; risk management; and cryptography and PKI.


CompTIA Cloud+

Approved for three 8140/8570 job roles, this certification validates the expertise needed to maintain and optimize cloud infrastructure services. IT professionals with a Cloud+ certification can better realize the return on investment of cloud infrastructure services. Cloud+ reflects the breadth of skills needed for data center job roles.



Approved for five 8140/8570 job roles, this is designed for IT security analysts as well as vulnerability and threat intelligence analysts. The successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization.



This certification is designed to meet the growing demand for advanced IT security in the enterprise. It tests critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments. The exam covers enterprise security, risk management and incident response, research and analysis, integration of computing, and communications and business disciplines as well as technical integration of enterprise components.

Why choose CCS Learning Academy?

CCS Learning Academy is one of the industry’s top CompTIA training partners, and we have a team dedicated to working exclusively with transitioning and experienced Veterans. We are honored to assist U.S. service members in transitioning from active duty to high-paying careers in the civilian IT workforce.

Your future is waiting.

Start the next phase of your career today!

Certifications Approved for DoD Directive 8570.01

While DoD Directive 8140 was issued to update and replace DoD 8570, the older Directive 8570 (technically, 8570.01) is still around. It may take a long time to issue a comprehensive manual covering the 8140 security requirements, which is why DoD 8140 still refers to the DoD 8570 manual (“DoD 8570.01-M”).

Like its successor, DoD 8570 requires all users of DoD information systems to meet certain compliance requirements. These requirements include holding certifications accredited by the American National Standards Institute (ANSI). Per the Directive, there are three levels of certification for Information Assurance Technicians (IAT) and Information Assurance Management (IAM) professionals. Anyone wishing to hold these kinds of positions at the U.S. DoD must obtain at least one of the certifications required for the relevant job level.


Download this guide to see the full list of approved baseline certifications per DoD Directive 8570.01.

DoD 8140, 8570.01-M, and 8570-Approved Courses from CCS Learning Academy

CISM: Certified Information Security Manager

38 Lessons
24 hours
What you'll learn
Our CISM certification training and CISM online course provide in-depth coverage of the four domains required to pass the CISM exam.
Domain 1: Information Security Governance
Domain 2: Information Risk Management and Compliance
Domain 3: Information Security Program Development and Management
Domain 4: Information Security Incident Management

CRISC: Certified Risk and Information Systems Control

27 Lessons
24 hours
What you'll learn
By the end of either the CRISC certification training or CRISC online training course, you will master the four CRISC domains.
Domain 1: IT Risk Identification
Domain 2: IT Risk Assessment
Domain 3: Risk Response and Mitigation
Domain 4: Risk Control, Monitoring, and Reporting

CGEIT: Certified in the Governance of Enterprise IT

32 hours
What you'll learn
Follow the format and structure of the CGEIT Certification Exam
Identify the various topics and technical areas covered by the exam
Enable students to implement strategies, tips, and techniques for taking and passing the exam
Apply key learning to practice questions

CompTIA PenTest+


CompTIA PenTest+

40 hours
What you'll learn
Plan and scope penetration tests.
Conduct passive reconnaissance.
Perform non-technical tests to gather information.
Conduct active reconnaissance.
Analyze vulnerabilities.
Penetrate networks.
Exploit host-based vulnerabilities.
Test applications.
Complete post-exploit tasks.
Analyze and report pen test results.

SSCP – Systems Security Certified Practitioner

40 hours
What you'll learn
In-depth coverage of the seven domains required to pass the SSCP exam.
Domain 1: Access Control
Domain 2: Security Operations and Administration
Domain 3: Risk Identification, Monitoring, and Analysis
Domain 4: Incident Response and Recovery
Domain 5: Cryptography
Domain 6: Networks and Communications Security
Domain 7: Systems and Application Security

CSSLP – Certified Secure Software Lifecycle Professional

40 hours
All Levels
What you'll learn
The course on CSSLP teaches how to secure your applications. After having CSSLP certification from (ISC) ², your application security capability within the software development lifecycle will be authorized. In-depth coverage of the eight domains required to pass the CSSLP exam.
Domain 1: Secure Software Concepts
Domain 2: Security Software Requirements
Domain 3: Secure Software Design
Domain 4: Secure Software Implementation/Coding
Domain 5: Secure Software Testing
Domain 6: Software Acceptance
Domain 7: Software Deployment, Operation, Maintenance and Disposal
Domain 8: Supply Chain and Software Acquisition

Certified Ethical Hacker | CEH


Certified Ethical Hacker | CEH

40 hours
What you'll learn
Information security controls, laws, and standards.
Foot printing, foot printing tools, and countermeasures.
Network scanning techniques and scanning countermeasures.
Enumeration techniques and enumeration countermeasures.
Vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems.
System hacking methodology, steganography, stag analysis attacks, and covering tracks to discover system and network vulnerabilities.
Different types of malware (Trojan, Virus, worms, etc.), system auditing for malware attacks, malware analysis, and countermeasures.
Packet sniffing techniques to discover network vulnerabilities and countermeasures to defend against sniffing.
Social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and social engineering countermeasures.
DoS/DDoS attack techniques and tools to audit a target and DoS/DDoS countermeasures.
Session hijacking techniques to discover network-level session management, authentication/authorization, and cryptographic weaknesses and countermeasures.
Web Server attacks and a comprehensive attack methodology to audit vulnerabilities in web server infrastructure, and countermeasures.
Web application attacks, comprehensive web application hacking methodology to audit vulnerabilities in web applications, and countermeasures.
SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures.
Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.
Mobile platform attack vector, android vulnerability exploitations, and mobile security guidelines and tools.
Firewall, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures.
Cloud computing concepts (Container technology, serverless computing), the working of various threats and attacks, and security techniques and tools.
Penetration testing, security audit, vulnerability assessment, and penetration testing roadmap.
Threats to IoT and OT platforms and defending IoT and OT devices.
Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools.

Computer Hacking Forensic Investigator | CHFI

16 Lessons
40 hours
What you'll learn
Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
Perform anti-forensic methods detection
Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
Extract and analyze of logs from various devices like proxy, firewall, IPS, IDS, Desktop, laptop, servers, SIM tool, router, firewall, switches AD server, DHCP logs, Access Control Logs & conclude as part of investigation process.
Identify & check the possible source / incident origin.
Recover deleted files and partitions in Windows, Mac OS X, and Linux
Conduct reverse engineering for known and suspected malware files
Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
The computer forensic investigation process and the various legal issues involved
Evidence searching, seizing, and acquisition methodologies in a legal and forensically sound manner
Types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category
Roles of the first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene
Setting up a computer forensics lab and the tools involved in it
Various file systems and how to boot a disk
Gathering volatile and non-volatile information from Windows
Data acquisition and duplication rules
Validation methods and tools required
Recovering deleted files and deleted partitions in Windows, Mac OS X, and Linux
Forensic investigation using AccessData FTK and EnCase
Steganography and its techniques
Steganalysis and image file forensics
Password cracking concepts, tools, and types of password attacks
Investigating password protected files
Types of log capturing, log management, time synchronization, and log capturing tools
Investigating logs, network traffic, wireless attacks, and web attacks
Tracking emails and investigating email crimes
Mobile forensics and mobile forensics software and hardware tools
Writing investigative reports
Dark Web Forensics and IOT Forensics

CompTIA Cybersecurity Analyst (CySA+)

40 hours
What you'll learn
Assess information security risk in computing and network environments.
Analyze reconnaissance threats to computing and network environments.
Analyze attacks on computing and network environments.
Analyze post-attack techniques on computing and network environments.
Implement a vulnerability management program.
Collect cybersecurity intelligence.
Analyze data collected from security and event logs.
Perform active analysis on assets and networks.
Respond to cybersecurity incidents.
Investigate cybersecurity incidents.
Address security issues with the organization’s technology architecture.

CCAS Check Point Certified Automation Specialist

13 Lessons
16 hours
What you'll learn
Explain how automation and orchestration work together
Understand the key drivers for incorporating automation and orchestration into security management
Execute a shell script that demonstrates how to build a comprehensive Security Policy.
Recognize how the Check Point API framework integrates with R80 Security Management to support automation and orchestration of daily tasks
Describe Check Point API tools and demonstrate how they are used to manage Check Point Security Management solutions
Demonstrate how to define new objects and modify existing ones by using the Check Point API
Demonstrate how to create API commands to efficiently maintain the Check Point Security Management Server database
Demonstrate how to use different methods to update the database with API commands
Become familiar with client-side and server-side scripting and scripting languages
Understand how to use the Bash shell to develop APIs
Recognize and describe many of the open source tools that are available to assist with API development
Demonstrate how to use a custom REST application to update the database of a Security Management Server
Demonstrate how to use Postman to manage the Security Policy database through the Check Point API
Understand what steps to take to troubleshoot and debug API scripts
Demonstrate basic troubleshooting techniques by reviewing debugging messages in various forms
Understand how to use self-service portal capabilities to provide general IT services
Recognize how automation tools work with Check Point APIs to automate security management tasks and orchestrate workflow behind service portals
Demonstrate common tasks that are automated in a Web portal to manage the Security Policy

CCES Check Point Certified Endpoint Specialist

14 Lessons
16 hours
What you'll learn
Explain how Endpoint Security works to enforce corporate security compliance for end users and their devices.
Become familiar with the Check Point Endpoint Security Solution architecture and how it integrates with Check Point Network Security Management.
Identify and describe key elements of the SmartEndpoint Management console.
Discuss Endpoint Security Software Blade options and how they are managed from the SmartEndpoint Management console.
Explain how to create and assign security policies for Endpoint clients using Endpoint Security.
Understand deployment methods and server considerations for Endpoint Security Management installation.
Identify the different ways to install and configure Endpoint clients.
Recognize how to configure VPN connectivity to allow clients connecting outside of the network perimeter to securely access corporate resources.
Understand how Endpoint Security authenticates and verifies clients connecting to the Endpoint Security Management Server.
Describe additional server configurations that are available to help manage Endpoint clients.
Recognize the different types of data security protections available to deploy on end user machines.
Describe how Full Disk Encryption technology protects and recovers data accessed and stored on Endpoint computers.
Understand how to secure removable media devices.
Become familiar with the Remote Help tool and how it supports clients experiencing FDE and Media Encryption issues.
Recognize the types of threats that target Endpoint computers.
Describe Check Point SandBlast Agent and how to deploy it in the Endpoint Security environment.
Explain how SandBlast Agent technology prevents malware from infiltrating Endpoint machines and corporate resources.
Identify SmartEndpoint reporting tools used to monitor and respond quickly to security events.
Understand how to troubleshoot and debug issues

CCMS Check Point Certified Multi-Domain Security Management Specialist

14 Lessons
16 hours
What you'll learn
Discuss challenges associated with securing large-scale business organizations with distributed network environments.
Describe the Check Point Multi-Domain Security Management solution and its benefits.
Understand the components of MDSM and how they work together to help administrators manage multiple network security environments within a single management framework.
Understand how to install and configure the Multi-Domain Security Management environment.
Describe how to implement Management High Availability within the MDSM environment.
Discuss the two types of log server options used to store logs in the Multi-Domain Security Management environment, and how they differ.
Understand how to manage and view Multi-Domain activity logs in SmartConsole.
Understand how to configure and implement Global Policy to manage rules for multiple domains.
Identify various MDSM command line tools commonly used to retrieve information and perform configuration changes on a MDSM Server.
Describe troubleshooting tools to use for addressing MDSM Server issues.
Understand how VSX works and how to integrate the technology within the MDSM environment.

CCSA Check Point Certified Security Administrator

25 Lessons
24 hours
What you'll learn
Interpret the concept of a Firewall and understand the mechanisms used for controlling network traffic.
Describe the key elements of Check Point’s unified Security Management Architecture.
Recognize SmartConsole features, functions and tools.
Understand Check Point deployment options.
Describe the basic functions of Gaia.
Describe the essential elements of a Security Policy.
Understand how traffic inspection takes place in a unified Security Policy.
Summarize how administration roles and permissions assist in managing policy.
Recall how to implement backup techniques.
Understand the Check Point policy layer concept.
Recognize Check Point security solutions and products and how they work to protect your network.
Understand licensing and contract requirements for Check Point security products.
Identify tools designed to monitor data, determine threats and recognize performance improvements.
Identify tools designed to respond quickly and efficiently to changes in gateways, tunnels, remote users, traffic flow patterns, and other activities.
Understand Site-to-Site and Remote Access VPN deployments and communities.
Understand how to analyze and interpret VPN traffic.
Recognize how to define users and user groups.
Understand how to manage user access for internal and external users.
Understand the basic concepts of ClusterXL technology and its advantages.
Understand how to perform periodic administrator tasks as specified in administrator job descriptions.

CCSE Check Point Certified Security Expert

13 Lessons
What you'll learn
Articulate Gaia system management procedures.
Explain how to perform database migration procedures.
Articulate the purpose and function of Management High Availability.
Describe how to use Check Point API tools to perform management functions.
Articulate an understanding of Security Gateway cluster upgrade methods.
Discuss the process of Stateful Traffic inspection.
Articulate an understanding of the Check Point Firewall processes and debug procedures.
Describe advanced ClusterXL functions and deployment options.
Explain how the SecureXL acceleration technology enhances and optimizes Security Gateway performance.
Describe how the CoreXL acceleration technology enhances and improves Security Gateway performance.
Articulate how utilizing multiple traffic queues can make traffic handling more efficient.
Describe different Check Point Threat Prevention solutions for network attacks.
Explain how SandBlast, Threat Emulation, and Threat Extraction help to prevent security incidents.
Recognize alternative Check Point Site-to-Site deployment options.
Recognize Check Point Remote Access solutions and how they differ from each other.
Describe Mobile Access deployment options.

CCTA Check Point Troubleshooting Administration

19 Lessons
16 hours
What you'll learn
Understand how to use Check Point resources for support.
Understand how to perform packet captures using tcmdump and FW Monitor command tools.
Understand the basic process of kernel debugging, and how debug commands are structured.
Recognize how to use various Linux commands for troubleshooting system issues.
Recognize communication issues that may occur between SmartConsole and the SMS and how to resolve them.
Understand how to troubleshoot SmartConsole login and authentication issues.
Understand how to prevent and resolve licensing and contract issues.
Understand how to troubleshoot issues that may occur during policy installation.
Understand communication issues that may occur when collecting logs and how to resolve them.
Recall various tools to use when analyzing issues with logs.
Understand how to restore interrupted communications during heavy logging.
Understand how NAT works and how to troubleshoot issues.
Understand Client Side and Server Side NAT.
Understand how the Access Control Policy functions and how the access control applications work together.
Understand how to troubleshoot issues that may occur with Application Control and URL Filtering.
Understand how the HTTPS Inspection process works and how to resolve issues that may occur during the process.
Understand how to troubleshoot Content Awareness issues.
Recognize how to troubleshoot VPN-related issues.
Understand how to monitor cluster status and work with critical devices.
Recognize how to troubleshoot State Synchronization.
Understand how to troubleshoot communication issues between Identity Sources and Security Gateways.
Understand how to troubleshoot and debug issues with internal Identity Awareness processes.

To say CCS helped me jumpstart my career is an understatement. CCS helps fresh graduates start their professional journey. They provide comprehensive training both technically and professionally that not only prepares you for a full-time job but also helps make you successful in other aspects of your life.

– Santosh Gadila
Senior IT Analyst
U.S. Department of Veteran Affairs

Get Certified for IT Jobs at the U.S. DoD

Call us at (858) 208-4141 or fill out the form below to get in touch with CCS Learning Academy’s Veteran team.
Upload Your Resume
(if applicable)

File(s) size limit is 20MB.